TOPIC: Need help with DMZ Design

1 - Web Server (just a front end for the web portal. It does not save
any transaction state; it just receives web requests and passes them to
an application server which does all the heavy lifting.)
1 - Application Server (it holds an application which makes business
rules decisions based on information provided by the customer, in this
case, an insurance agent.)
1 - DB Server (holds all records and information for the insureds.)
1 - Web Services Server (to avoid having SQL statements or queries
coming from a server on the DMZ to an internal server that could
expose DB structure if the server is compromised, we are using a web
services server that will store web services.)

An example of a transaction would be that an insurance agent logs into
our web portal (web server). This agent has a user name and password
that has been assigned to him based on his customer number. This
agent wants to find out if an insured exists on our system. The way I
see this happening is that a web service call is initiated from either
the web server or the app server to the web services server to query
the DB server. The web services server queries the DB and finds out that
the insured exists. The web services server gathers the requested
information from the DB server and passes it to the web server.

What would be the best practice to secure the communication between
the external user, the servers and the servers on the DMZ and internal
servers? I'm not sure if ISA can be used and where it could be placed
and if I should use it as a Proxy, Firewall, etc. How many firewalls
could be used to protect the different areas and where could they be
placed? Should I use IPsec, certificates, a RADIUS server, or AD on an
isolated forest for authentication?

I was thinking to place the Web Server and the Application Server on
the DMZ, and place the DB Server and the Web Services Server on the
internal network because of the sensitive data they hold. Everything
that I have read so far indicates that communication between servers on
the DMZ and internal servers should be avoided. If I want to secure
my data and allow agents to access the web portal, I don't see any
other way to do this but to allow communication between external
servers and internal servers.
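The flow restrictions the poster is reasoning about (agents reach only the web server, only the app server crosses into the internal network, and only the web services server touches the DB) written up as a default-deny allow-list that can be checked before the firewall rules are written. This is an added example, not part of the thread; the host names, ports and zone layout are assumptions.

```python
"""Allow-list model of the DMZ design in the post (added example; names and ports assumed)."""
from collections import deque

# Zone of each host, following the poster's placement: web + app in the DMZ,
# web services (ws) + db on the internal network.
ZONE = {
    "internet": "external",
    "web": "dmz",
    "app": "dmz",
    "ws": "internal",
    "db": "internal",
}

# Explicit allow list of (src, dst, dst_port). Anything not listed is denied,
# which covers all other DMZ -> internal traffic. Port numbers are assumed.
ALLOWED = {
    ("internet", "web", 443),   # agents reach the portal over TLS only
    ("web", "app", 8443),       # front end hands requests to the app tier
    ("app", "ws", 8443),        # the single DMZ -> internal hop, to the web services API
    ("ws", "db", 1433),         # only the web services server may run SQL against the DB
}

def is_allowed(src, dst, port):
    """Default-deny: a flow passes only if it is on the allow list."""
    return (src, dst, port) in ALLOWED

def reachable_from(start):
    """Hosts that a given (possibly compromised) host can reach, directly or via allowed hops."""
    seen, queue = set(), deque([start])
    while queue:
        host = queue.popleft()
        for src, dst, _ in ALLOWED:
            if src == host and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def policy_violations():
    """Invariants a reviewer checks on the allow list; an empty list means the design holds."""
    problems = []
    for src, dst, port in ALLOWED:
        if ZONE[src] == "external" and ZONE[dst] != "dmz":
            problems.append(f"external host {src} reaches non-DMZ host {dst}:{port}")
        if dst == "db" and src != "ws":
            problems.append(f"{src} talks to the DB directly on port {port}")
        if ZONE[src] == "dmz" and ZONE[dst] == "internal" and dst != "ws":
            problems.append(f"DMZ host {src} reaches internal host {dst}:{port}")
    return problems
```

Note that reachable_from("web") still includes "db": a compromised web server can only get data through the app tier and the web services API, never by issuing SQL itself, which is exactly the exposure the web services server is meant to limit.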